Mapping index

Hi there,
i have a mapping of an index like below:

"mappings": {
    "error": { 
      "_all":       { "enabled": false  }, 
      "properties": { 
        "message":    { "type": "text"  }, 
        "date":     { "type": "text"  }, 
        "level":      { "type": "text" }  
      }
    }
  }

This is pipeline.conf:

    input {
            file {
            path => "c:/logstash.log"
            start_position => "beginning"
            sincedb_path => "/dev/null"
            codec => multiline {
            pattern => "^%{TIMESTAMP_ISO8601}"
            negate => false
            what => "previous"
       }}}
    filter {
    grok{
    	  match => { "message" => "%{TIME:timestamp} %{LOGLEVEL:LEVEL} %{GREEDYDATA:errormsg}" }}}
    output {
    if	"ERROR" in [LEVEL]
    {
    elasticsearch {
      hosts=>"localhost:9200"
      index => "errors"
      }}

Please how can put the result of match in each properties:for example:
date=timestamp;
level=LEVEL;
message=errormsg;

Thanks for help.

That depends on what the event looks like.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.